OpenOffice.org vulnerability

2005-05-06T00:00:00
ID USN-121-1
Type ubuntu
Reporter Ubuntu
Modified 2005-05-06T00:00:00

Description

The StgCompObjStream::Load() failed to check the validity of a length field in documents. If an attacker tricked a user to open a specially crafted OpenOffice file, this triggered a buffer overflow which could lead to arbitrary code execution with the privileges of the user opening the document.

The update for Ubuntu 5.04 (Hoary Hedgehog) also contains a translation update: The “openoffice.org-l10n-xh” package now contains actual Xhosa translations (the previous version just shipped English strings).